The IETF published version 1.3 of the TLS specification. Version 1.3 addresses a number of things to make the protocol fit for the future:
- It removes some old and creaky cryptography which we really shouldn’t be using anymore.
- It makes a bunch of attacks less likely.
- It adds some more robust connection privacy protection, intended to protect individuals from 'pervasive monitoring'.
The challenge is that these protections will also make the enterprise security model much, much harder

No Decryption

Man-in-the-middle approach is relatively simple with an encryption key based on a server identity but becomes vastly more complex with the scheme used by TLS 1.3. To put it bluntly, TLS 1.3 breaks many of the products used by organizations deploying TLS 1.2 for their encryption

Update Technology

It's impossible to whitelist sites anymore because server certificates are encrypted. So, your appliance will be unable to work out whether you’re communicating with your bank, or if malware on your machine is talking to its criminal masters, without breaking the connection

Barac Encrypted Traffic Visibility

Compliant with TLS 1.3

Because we work on the metadata, barac is compliant with TLS 1.3 and helps you detect attacks on encrypted traffic without decryption.